3 lá˜_Ì6ã@sôddlmZmZmZddlZddlmZmZddlm Z ddl m Z m Z m Z mZmZmZddlmZddlmZddlmZmZmZmZmZmZmZd d „Zd d „Zd d„Zdd„Z dd„Z!ej"eƒGdd„de#ƒƒZ$ej"eƒGdd„de#ƒƒZ%dS)é)Úabsolute_importÚdivisionÚprint_functionN)ÚutilsÚx509)ÚUnsupportedAlgorithm)Ú_CRL_ENTRY_REASON_CODE_TO_ENUMÚ_asn1_integer_to_intÚ_asn1_string_to_bytesÚ_decode_x509_nameÚ_obj2txtÚ_parse_asn1_generalized_time)Ú _Certificate)Ú serialization)ÚOCSPCertStatusÚ OCSPRequestÚ OCSPResponseÚOCSPResponseStatusÚ_CERT_STATUS_TO_ENUMÚ _OIDS_TO_HASHÚ_RESPONSE_STATUS_TO_ENUMcstjˆƒ‡fdd„ƒ}|S)Ncs(|jtjkrtdƒ‚nˆ|f|žŽSdS)NzCOCSP response status is not successful so the property has no value)Úresponse_statusrÚ SUCCESSFULÚ ValueError)ÚselfÚargs)Úfunc©ú/usr/lib64/python3.6/ocsp.pyÚwrapper!s z._requires_successful_response..wrapper)Ú functoolsÚwraps)rrr)rrÚ_requires_successful_response s r"cCs^|jjdƒ}|jj|jj|jj||jj|ƒ}|j|dkƒ|j|d|jjkƒt||dƒS)NzASN1_OCTET_STRING **ér)Ú_ffiÚnewÚ_libÚOCSP_id_get0_infoÚNULLÚopenssl_assertr )ÚbackendÚcert_idZkey_hashÚresrrrÚ_issuer_key_hash.s r-cCs^|jjdƒ}|jj||jj|jj|jj|ƒ}|j|dkƒ|j|d|jjkƒt||dƒS)NzASN1_OCTET_STRING **r#r)r$r%r&r'r(r)r )r*r+Z name_hashr,rrrÚ_issuer_name_hash<s r.cCs^|jjdƒ}|jj|jj|jj|jj||ƒ}|j|dkƒ|j|d|jjkƒt||dƒS)NzASN1_INTEGER **r#r)r$r%r&r'r(r)r )r*r+Únumr,rrrÚ_serial_numberJs  r0c CsŽ|jjdƒ}|jj|jj||jj|jj|ƒ}|j|dkƒ|j|d|jjkƒt||dƒ}yt|Stk rˆt dj |ƒƒ‚YnXdS)NzASN1_OBJECT **r#rz*Signature algorithm OID: {} not recognized) r$r%r&r'r(r)r rÚKeyErrorrÚformat)r*r+Zasn1objr,ÚoidrrrÚ_hash_algorithmTs r4c@sbeZdZdd„ZejdƒZeedd„ƒƒZ eedd„ƒƒZ eedd „ƒƒZ eed d „ƒƒZ eed d „ƒƒZ eedd„ƒƒZeedd„ƒƒZdd„Zeedd„ƒƒZeedd„ƒƒZeedd„ƒƒZeedd„ƒƒZeedd„ƒƒZeedd„ƒƒZeed d!„ƒƒZeed"d#„ƒƒZeed$d%„ƒƒZeed&d'„ƒƒZejed(d)„ƒƒZejed*d+„ƒƒZd,d-„Zd.S)/Ú _OCSPResponsecCs||_||_|jjj|jƒ}|jj|tkƒt||_|jtjkrü|jjj |jƒ}|jj||jj j kƒ|jj j ||jjj ƒ|_|jjj|jƒ}|dkr¦tdj|ƒƒ‚|jjj|jdƒ|_|jj|j|jj j kƒ|jjj|jƒ|_|jj|j|jj j kƒdS)Nr#zhOCSP response contains more than one SINGLERESP structure, which this library does not support. {} foundr)Ú_backendÚ_ocsp_responser&ZOCSP_response_statusr)rÚ_statusrrZOCSP_response_get1_basicr$r(ÚgcZOCSP_BASICRESP_freeÚ_basicZOCSP_resp_countrr2ZOCSP_resp_get0Ú_singleZOCSP_SINGLERESP_get0_idÚ_cert_id)rr*Z ocsp_responseÚstatusZbasicZnum_resprrrÚ__init__js.   z_OCSPResponse.__init__r8cCs>|jjj|jƒ}|jj||jjjkƒt|j|jƒ}t j |ƒS)N) r6r&ZOCSP_resp_get0_tbs_sigalgr:r)r$r(r Ú algorithmrZObjectIdentifier)rZalgr3rrrÚsignature_algorithm_oidŒsz%_OCSPResponse.signature_algorithm_oidc Cs8|j}y tj|Stk r2tdj|ƒƒ‚YnXdS)Nz)Signature algorithm OID:{} not recognized)r@rZ_SIG_OIDS_TO_HASHr1rr2)rr3rrrÚsignature_hash_algorithm”s  z&_OCSPResponse.signature_hash_algorithmcCs2|jjj|jƒ}|jj||jjjkƒt|j|ƒS)N)r6r&ZOCSP_resp_get0_signaturer:r)r$r(r )rZsigrrrÚ signatureŸsz_OCSPResponse.signaturecs¢ˆjjjˆjƒ}ˆjj|ˆjjjkƒˆjjjdƒ}ˆjjj||ƒ}ˆjj|dˆjjjkƒˆjjj |‡fdd„ƒ}ˆjj|dkƒˆjjj |d|ƒdd…S)Nzunsigned char **rcsˆjjj|dƒS)Nr)r6r&Z OPENSSL_free)Zpointer)rrrÚ¯sz2_OCSPResponse.tbs_response_bytes..) r6r&ZOCSP_resp_get0_respdatar:r)r$r(r%Zi2d_OCSP_RESPDATAr9Úbuffer)rZrespdataZppr,r)rrÚtbs_response_bytes¦sz _OCSPResponse.tbs_response_bytescCsz|jjj|jƒ}|jjj|ƒ}g}xRt|ƒD]F}|jjj||ƒ}|jj||jjj kƒt |j|ƒ}||_ |j |ƒq,W|S)N) r6r&ZOCSP_resp_get0_certsr:Z sk_X509_numÚrangeZ sk_X509_valuer)r$r(rZ _ocsp_respÚappend)rZsk_x509r/ZcertsÚirZcertrrrÚ certificates´s z_OCSPResponse.certificatescCs.|jƒ\}}||jjjkrdSt|j|ƒSdS)N)Ú_responder_key_namer6r$r(r )rÚ_Ú asn1_stringrrrÚresponder_key_hashÆs z _OCSPResponse.responder_key_hashcCs.|jƒ\}}||jjjkrdSt|j|ƒSdS)N)rJr6r$r(r )rÚ x509_namerKrrrÚresponder_nameÏs z_OCSPResponse.responder_namecCsP|jjjdƒ}|jjjdƒ}|jjj|j||ƒ}|jj|dkƒ|d|dfS)NzASN1_OCTET_STRING **z X509_NAME **r#r)r6r$r%r&ZOCSP_resp_get0_idr:r))rrLrNr,rrrrJØs  z!_OCSPResponse._responder_key_namecCs|jjj|jƒ}t|j|ƒS)N)r6r&ZOCSP_resp_get0_produced_atr:r )rÚ produced_atrrrrPász_OCSPResponse.produced_atcCsH|jjj|j|jjj|jjj|jjj|jjjƒ}|jj|tkƒt|S)N)r6r&ÚOCSP_single_get0_statusr;r$r(r)r)rr=rrrÚcertificate_statusés z _OCSPResponse.certificate_statuscCsr|jtjk rdS|jjjdƒ}|jjj|j|jjj ||jjj |jjj ƒ|jj |d|jjj kƒt |j|dƒS)NzASN1_GENERALIZEDTIME **r) rRrÚREVOKEDr6r$r%r&rQr;r(r)r )rÚ asn1_timerrrÚrevocation_timeös  z_OCSPResponse.revocation_timecCs||jtjk rdS|jjjdƒ}|jjj|j||jjj |jjj |jjj ƒ|ddkrXdS|jj |dt kƒt |dSdS)Nzint *rr#éÿÿÿÿ) rRrrSr6r$r%r&rQr;r(r)r)rZ reason_ptrrrrÚrevocation_reasons   z_OCSPResponse.revocation_reasoncCsb|jjjdƒ}|jjj|j|jjj|jjj||jjjƒ|jj|d|jjjkƒt|j|dƒS)NzASN1_GENERALIZEDTIME **r) r6r$r%r&rQr;r(r)r )rrTrrrÚ this_updates z_OCSPResponse.this_updatecCsb|jjjdƒ}|jjj|j|jjj|jjj|jjj|ƒ|d|jjjkrZt|j|dƒSdSdS)NzASN1_GENERALIZEDTIME **r)r6r$r%r&rQr;r(r )rrTrrrÚ next_update,sz_OCSPResponse.next_updatecCst|j|jƒS)N)r-r6r<)rrrrÚissuer_key_hash<sz_OCSPResponse.issuer_key_hashcCst|j|jƒS)N)r.r6r<)rrrrÚissuer_name_hashAsz_OCSPResponse.issuer_name_hashcCst|j|jƒS)N)r4r6r<)rrrrÚhash_algorithmFsz_OCSPResponse.hash_algorithmcCst|j|jƒS)N)r0r6r<)rrrrÚ serial_numberKsz_OCSPResponse.serial_numbercCs|jjj|jƒS)N)r6Z_ocsp_basicresp_ext_parserÚparser:)rrrrÚ extensionsPsz_OCSPResponse.extensionscCs|jjj|jƒS)N)r6Z_ocsp_singleresp_ext_parserr^r;)rrrrÚsingle_extensionsUsz_OCSPResponse.single_extensionscCsL|tjjk rtdƒ‚|jjƒ}|jjj||jƒ}|jj |dkƒ|jj |ƒS)Nz/The only allowed encoding value is Encoding.DERr) rÚEncodingÚDERrr6Ú_create_mem_bio_gcr&Zi2d_OCSP_RESPONSE_bior7r)Ú _read_mem_bio)rÚencodingÚbior,rrrÚ public_bytesZs   z_OCSPResponse.public_bytesN)Ú__name__Ú __module__Ú __qualname__r>rZread_only_propertyrÚpropertyr"r@rArBrErIrMrOrJrPrRrUrWrXrYrZr[r\r]Úcached_propertyr_r`rgrrrrr5hsT      r5c@sZeZdZdd„Zedd„ƒZedd„ƒZedd„ƒZed d „ƒZe j d d „ƒZ d d„Z dS)Ú _OCSPRequestcCs~|jj|ƒdkrtdƒ‚||_||_|jjj|jdƒ|_|jj|j|jjj kƒ|jjj |jƒ|_ |jj|j |jjj kƒdS)Nr#z+OCSP request contains more than one requestr) r&ZOCSP_request_onereq_countÚNotImplementedErrorr6Ú _ocsp_requestZOCSP_request_onereq_get0Z_requestr)r$r(ZOCSP_onereq_get0_idr<)rr*Z ocsp_requestrrrr>hs z_OCSPRequest.__init__cCst|j|jƒS)N)r-r6r<)rrrrrZvsz_OCSPRequest.issuer_key_hashcCst|j|jƒS)N)r.r6r<)rrrrr[zsz_OCSPRequest.issuer_name_hashcCst|j|jƒS)N)r0r6r<)rrrrr]~sz_OCSPRequest.serial_numbercCst|j|jƒS)N)r4r6r<)rrrrr\‚sz_OCSPRequest.hash_algorithmcCs|jjj|jƒS)N)r6Z_ocsp_req_ext_parserr^ro)rrrrr_†sz_OCSPRequest.extensionscCsL|tjjk rtdƒ‚|jjƒ}|jjj||jƒ}|jj |dkƒ|jj |ƒS)Nz/The only allowed encoding value is Encoding.DERr) rrarbrr6rcr&Zi2d_OCSP_REQUEST_bioror)rd)rrerfr,rrrrgŠs   z_OCSPRequest.public_bytesN) rhrirjr>rkrZr[r]r\rrlr_rgrrrrrmfs    rm)&Z __future__rrrr Z cryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rr r r r r Z)cryptography.hazmat.backends.openssl.x509rZcryptography.hazmat.primitivesrZcryptography.x509.ocsprrrrrrrr"r-r.r0r4Zregister_interfaceÚobjectr5rmrrrrÚs"    $  ~